CVE-2023-53376: Out-of-bounds Read in Linux

Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 99.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 18

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Use number of bits to manage bitmap sizes

To allocate bitmaps, the mpi3mr driver calculates sizes of bitmaps using byte as unit. However, bitmap helper functions assume that bitmaps are allocated using unsigned long as unit. This gap causes memory access beyond the bitmap sizes and results in "BUG: KASAN: slab-out-of-bounds". The BUG was observed at firmware download to eHBA-9600. Call trace indicated that the ou
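The unit mismatch in the description, as an added user-space C model (not the mpi3mr driver's code or the upstream patch): it compares byte-unit sizing with the unsigned long sizing that word-granular bitmap helpers assume, and shows an allocation sized from the bit count. All function names and the 70-bit count are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)

/* Byte-unit sizing, the pattern the description attributes to the driver. */
size_t bytes_unit_size(size_t nbits) { return (nbits + CHAR_BIT - 1) / CHAR_BIT; }

/* Sizing that bitmap helpers assume: the bit count rounded up to whole longs. */
size_t longs_unit_size(size_t nbits)
{
    return (nbits + BITS_PER_LONG - 1) / BITS_PER_LONG * sizeof(unsigned long);
}

/* Bytes a word-at-a-time helper touches beyond an allocation of alloc_bytes. */
size_t overrun_bytes(size_t nbits, size_t alloc_bytes)
{
    size_t touched = longs_unit_size(nbits);
    return touched > alloc_bytes ? touched - alloc_bytes : 0;
}

/* Corrected pattern (hypothetical helper): size the buffer from the bit count. */
unsigned long *bitmap_alloc_bits(size_t nbits) { return calloc(longs_unit_size(nbits), 1); }

/* Simplified word-granular search: it loads whole longs, so the buffer must span them. */
size_t first_zero_bit(const unsigned long *map, size_t nbits)
{
    for (size_t i = 0; i < nbits; i += BITS_PER_LONG) {
        unsigned long inv = ~map[i / BITS_PER_LONG];   /* full-word load */
        for (size_t b = 0; inv && b < BITS_PER_LONG; b++)
            if (inv & (1UL << b))
                return i + b < nbits ? i + b : nbits;
    }
    return nbits;                                      /* no free bit */
}

int main(void)
{
    size_t nbits = 70;                                 /* constructed bit count */
    unsigned long *map = bitmap_alloc_bits(nbits);
    if (!map)
        return 1;
    map[0] = 0x1fUL;                                   /* bits 0..4 in use */
    printf("byte-unit alloc %zu, helpers touch %zu, overrun %zu, first free bit %zu\n",
           bytes_unit_size(nbits), longs_unit_size(nbits),
           overrun_bytes(nbits, bytes_unit_size(nbits)), first_zero_bit(map, nbits));
    free(map);
    return 0;
}
```

Any bit count that is not a multiple of the word size leaves a gap between the two sizings, and that gap is the region a KASAN slab-out-of-bounds report points at.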

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2

Affected Packages (7 packages)

NVD | linux/linux_kernel | 5.14 | 6.1.18 | +1
Debian | linux/linux_kernel | < 6.1.20-1 | +2
CVEListV5 | linux/linux | 824a156633dfdb0e17979a0d0bb2c757d1bb949c | 6a675a6d57d31da43d8da576465c1cd5d5b0bd3d | +3
debian | debian/linux | < linux 6.1.20-1 (bookworm)

Patches

Vulnerability Details (2)

GHSA (2025-09-18): GHSA-6f3q-hg2c-hwrx: In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use number of bits to manage bitmap sizes To allocate bitmaps, the
OSV (2025-09-18): CVE-2023-53376: In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Use number of bits to manage bitmap sizes To allocate bitmaps, the m

Vendor Advisories (3)

Red Hat (2025-09-18): kernel: scsi: mpi3mr: Use number of bits to manage bitmap sizes
Microsoft (2025-09-09): scsi: mpi3mr: Use number of bits to manage bitmap sizes
Debian (2023): CVE-2023-53376: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3m...
CVE-2023-53376 — Out-of-bounds Read in Linux | cvebase